search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ARM: 6979/1: mach-vt8500: add forgotten irq_data conversion
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / net / bluetooth / hci_event.c
blob77930aa522e3456231d6482f0683d60598771937
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI event handling. */
26
27 #include <linux/module.h>
28
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
39 #include <net/sock.h>
40
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
44
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
47
48 /* Handle HCI Event packets */
49
50 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
51 {
52 __u8 status = *((__u8 *) skb->data);
53
54 BT_DBG("%s status 0x%x", hdev->name, status);
55
56 if (status)
57 return;
58
59 if (test_bit(HCI_MGMT, &hdev->flags) &&
60 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
61 mgmt_discovering(hdev->id, 0);
62
63 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
64
65 hci_conn_check_pending(hdev);
66 }
67
68 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
69 {
70 __u8 status = *((__u8 *) skb->data);
71
72 BT_DBG("%s status 0x%x", hdev->name, status);
73
74 if (status)
75 return;
76
77 if (test_bit(HCI_MGMT, &hdev->flags) &&
78 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
79 mgmt_discovering(hdev->id, 0);
80
81 hci_conn_check_pending(hdev);
82 }
83
84 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
85 {
86 BT_DBG("%s", hdev->name);
87 }
88
89 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
90 {
91 struct hci_rp_role_discovery *rp = (void *) skb->data;
92 struct hci_conn *conn;
93
94 BT_DBG("%s status 0x%x", hdev->name, rp->status);
95
96 if (rp->status)
97 return;
98
99 hci_dev_lock(hdev);
100
101 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
102 if (conn) {
103 if (rp->role)
104 conn->link_mode &= ~HCI_LM_MASTER;
105 else
106 conn->link_mode |= HCI_LM_MASTER;
107 }
108
109 hci_dev_unlock(hdev);
110 }
111
112 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
113 {
114 struct hci_rp_read_link_policy *rp = (void *) skb->data;
115 struct hci_conn *conn;
116
117 BT_DBG("%s status 0x%x", hdev->name, rp->status);
118
119 if (rp->status)
120 return;
121
122 hci_dev_lock(hdev);
123
124 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
125 if (conn)
126 conn->link_policy = __le16_to_cpu(rp->policy);
127
128 hci_dev_unlock(hdev);
129 }
130
131 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
132 {
133 struct hci_rp_write_link_policy *rp = (void *) skb->data;
134 struct hci_conn *conn;
135 void *sent;
136
137 BT_DBG("%s status 0x%x", hdev->name, rp->status);
138
139 if (rp->status)
140 return;
141
142 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
143 if (!sent)
144 return;
145
146 hci_dev_lock(hdev);
147
148 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
149 if (conn)
150 conn->link_policy = get_unaligned_le16(sent + 2);
151
152 hci_dev_unlock(hdev);
153 }
154
155 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
156 {
157 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
158
159 BT_DBG("%s status 0x%x", hdev->name, rp->status);
160
161 if (rp->status)
162 return;
163
164 hdev->link_policy = __le16_to_cpu(rp->policy);
165 }
166
167 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
168 {
169 __u8 status = *((__u8 *) skb->data);
170 void *sent;
171
172 BT_DBG("%s status 0x%x", hdev->name, status);
173
174 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
175 if (!sent)
176 return;
177
178 if (!status)
179 hdev->link_policy = get_unaligned_le16(sent);
180
181 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
182 }
183
184 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
185 {
186 __u8 status = *((__u8 *) skb->data);
187
188 BT_DBG("%s status 0x%x", hdev->name, status);
189
190 clear_bit(HCI_RESET, &hdev->flags);
191
192 hci_req_complete(hdev, HCI_OP_RESET, status);
193 }
194
195 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
196 {
197 __u8 status = *((__u8 *) skb->data);
198 void *sent;
199
200 BT_DBG("%s status 0x%x", hdev->name, status);
201
202 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
203 if (!sent)
204 return;
205
206 if (test_bit(HCI_MGMT, &hdev->flags))
207 mgmt_set_local_name_complete(hdev->id, sent, status);
208
209 if (status)
210 return;
211
212 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
213 }
214
215 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
216 {
217 struct hci_rp_read_local_name *rp = (void *) skb->data;
218
219 BT_DBG("%s status 0x%x", hdev->name, rp->status);
220
221 if (rp->status)
222 return;
223
224 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
225 }
226
227 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
228 {
229 __u8 status = *((__u8 *) skb->data);
230 void *sent;
231
232 BT_DBG("%s status 0x%x", hdev->name, status);
233
234 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
235 if (!sent)
236 return;
237
238 if (!status) {
239 __u8 param = *((__u8 *) sent);
240
241 if (param == AUTH_ENABLED)
242 set_bit(HCI_AUTH, &hdev->flags);
243 else
244 clear_bit(HCI_AUTH, &hdev->flags);
245 }
246
247 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
248 }
249
250 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
251 {
252 __u8 status = *((__u8 *) skb->data);
253 void *sent;
254
255 BT_DBG("%s status 0x%x", hdev->name, status);
256
257 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
258 if (!sent)
259 return;
260
261 if (!status) {
262 __u8 param = *((__u8 *) sent);
263
264 if (param)
265 set_bit(HCI_ENCRYPT, &hdev->flags);
266 else
267 clear_bit(HCI_ENCRYPT, &hdev->flags);
268 }
269
270 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
271 }
272
273 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
274 {
275 __u8 status = *((__u8 *) skb->data);
276 void *sent;
277
278 BT_DBG("%s status 0x%x", hdev->name, status);
279
280 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
281 if (!sent)
282 return;
283
284 if (!status) {
285 __u8 param = *((__u8 *) sent);
286 int old_pscan, old_iscan;
287
288 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
289 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
290
291 if (param & SCAN_INQUIRY) {
292 set_bit(HCI_ISCAN, &hdev->flags);
293 if (!old_iscan)
294 mgmt_discoverable(hdev->id, 1);
295 } else if (old_iscan)
296 mgmt_discoverable(hdev->id, 0);
297
298 if (param & SCAN_PAGE) {
299 set_bit(HCI_PSCAN, &hdev->flags);
300 if (!old_pscan)
301 mgmt_connectable(hdev->id, 1);
302 } else if (old_pscan)
303 mgmt_connectable(hdev->id, 0);
304 }
305
306 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
307 }
308
309 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
310 {
311 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
312
313 BT_DBG("%s status 0x%x", hdev->name, rp->status);
314
315 if (rp->status)
316 return;
317
318 memcpy(hdev->dev_class, rp->dev_class, 3);
319
320 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
321 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
322 }
323
324 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
325 {
326 __u8 status = *((__u8 *) skb->data);
327 void *sent;
328
329 BT_DBG("%s status 0x%x", hdev->name, status);
330
331 if (status)
332 return;
333
334 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
335 if (!sent)
336 return;
337
338 memcpy(hdev->dev_class, sent, 3);
339 }
340
341 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
342 {
343 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
344 __u16 setting;
345
346 BT_DBG("%s status 0x%x", hdev->name, rp->status);
347
348 if (rp->status)
349 return;
350
351 setting = __le16_to_cpu(rp->voice_setting);
352
353 if (hdev->voice_setting == setting)
354 return;
355
356 hdev->voice_setting = setting;
357
358 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
359
360 if (hdev->notify) {
361 tasklet_disable(&hdev->tx_task);
362 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
363 tasklet_enable(&hdev->tx_task);
364 }
365 }
366
367 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
368 {
369 __u8 status = *((__u8 *) skb->data);
370 __u16 setting;
371 void *sent;
372
373 BT_DBG("%s status 0x%x", hdev->name, status);
374
375 if (status)
376 return;
377
378 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
379 if (!sent)
380 return;
381
382 setting = get_unaligned_le16(sent);
383
384 if (hdev->voice_setting == setting)
385 return;
386
387 hdev->voice_setting = setting;
388
389 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
390
391 if (hdev->notify) {
392 tasklet_disable(&hdev->tx_task);
393 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
394 tasklet_enable(&hdev->tx_task);
395 }
396 }
397
398 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
399 {
400 __u8 status = *((__u8 *) skb->data);
401
402 BT_DBG("%s status 0x%x", hdev->name, status);
403
404 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
405 }
406
407 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
408 {
409 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
410
411 BT_DBG("%s status 0x%x", hdev->name, rp->status);
412
413 if (rp->status)
414 return;
415
416 hdev->ssp_mode = rp->mode;
417 }
418
419 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
420 {
421 __u8 status = *((__u8 *) skb->data);
422 void *sent;
423
424 BT_DBG("%s status 0x%x", hdev->name, status);
425
426 if (status)
427 return;
428
429 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
430 if (!sent)
431 return;
432
433 hdev->ssp_mode = *((__u8 *) sent);
434 }
435
436 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
437 {
438 if (hdev->features[6] & LMP_EXT_INQ)
439 return 2;
440
441 if (hdev->features[3] & LMP_RSSI_INQ)
442 return 1;
443
444 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
445 hdev->lmp_subver == 0x0757)
446 return 1;
447
448 if (hdev->manufacturer == 15) {
449 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
450 return 1;
451 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
452 return 1;
453 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
454 return 1;
455 }
456
457 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
458 hdev->lmp_subver == 0x1805)
459 return 1;
460
461 return 0;
462 }
463
464 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
465 {
466 u8 mode;
467
468 mode = hci_get_inquiry_mode(hdev);
469
470 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
471 }
472
473 static void hci_setup_event_mask(struct hci_dev *hdev)
474 {
475 /* The second byte is 0xff instead of 0x9f (two reserved bits
476 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
477 * command otherwise */
478 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
479
480 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
481 * any event mask for pre 1.2 devices */
482 if (hdev->lmp_ver <= 1)
483 return;
484
485 events[4] |= 0x01; /* Flow Specification Complete */
486 events[4] |= 0x02; /* Inquiry Result with RSSI */
487 events[4] |= 0x04; /* Read Remote Extended Features Complete */
488 events[5] |= 0x08; /* Synchronous Connection Complete */
489 events[5] |= 0x10; /* Synchronous Connection Changed */
490
491 if (hdev->features[3] & LMP_RSSI_INQ)
492 events[4] |= 0x04; /* Inquiry Result with RSSI */
493
494 if (hdev->features[5] & LMP_SNIFF_SUBR)
495 events[5] |= 0x20; /* Sniff Subrating */
496
497 if (hdev->features[5] & LMP_PAUSE_ENC)
498 events[5] |= 0x80; /* Encryption Key Refresh Complete */
499
500 if (hdev->features[6] & LMP_EXT_INQ)
501 events[5] |= 0x40; /* Extended Inquiry Result */
502
503 if (hdev->features[6] & LMP_NO_FLUSH)
504 events[7] |= 0x01; /* Enhanced Flush Complete */
505
506 if (hdev->features[7] & LMP_LSTO)
507 events[6] |= 0x80; /* Link Supervision Timeout Changed */
508
509 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
510 events[6] |= 0x01; /* IO Capability Request */
511 events[6] |= 0x02; /* IO Capability Response */
512 events[6] |= 0x04; /* User Confirmation Request */
513 events[6] |= 0x08; /* User Passkey Request */
514 events[6] |= 0x10; /* Remote OOB Data Request */
515 events[6] |= 0x20; /* Simple Pairing Complete */
516 events[7] |= 0x04; /* User Passkey Notification */
517 events[7] |= 0x08; /* Keypress Notification */
518 events[7] |= 0x10; /* Remote Host Supported
519 * Features Notification */
520 }
521
522 if (hdev->features[4] & LMP_LE)
523 events[7] |= 0x20; /* LE Meta-Event */
524
525 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
526 }
527
528 static void hci_setup(struct hci_dev *hdev)
529 {
530 hci_setup_event_mask(hdev);
531
532 if (hdev->lmp_ver > 1)
533 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
534
535 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
536 u8 mode = 0x01;
537 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
538 }
539
540 if (hdev->features[3] & LMP_RSSI_INQ)
541 hci_setup_inquiry_mode(hdev);
542
543 if (hdev->features[7] & LMP_INQ_TX_PWR)
544 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
545 }
546
547 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
548 {
549 struct hci_rp_read_local_version *rp = (void *) skb->data;
550
551 BT_DBG("%s status 0x%x", hdev->name, rp->status);
552
553 if (rp->status)
554 return;
555
556 hdev->hci_ver = rp->hci_ver;
557 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
558 hdev->lmp_ver = rp->lmp_ver;
559 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
560 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
561
562 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
563 hdev->manufacturer,
564 hdev->hci_ver, hdev->hci_rev);
565
566 if (test_bit(HCI_INIT, &hdev->flags))
567 hci_setup(hdev);
568 }
569
570 static void hci_setup_link_policy(struct hci_dev *hdev)
571 {
572 u16 link_policy = 0;
573
574 if (hdev->features[0] & LMP_RSWITCH)
575 link_policy |= HCI_LP_RSWITCH;
576 if (hdev->features[0] & LMP_HOLD)
577 link_policy |= HCI_LP_HOLD;
578 if (hdev->features[0] & LMP_SNIFF)
579 link_policy |= HCI_LP_SNIFF;
580 if (hdev->features[1] & LMP_PARK)
581 link_policy |= HCI_LP_PARK;
582
583 link_policy = cpu_to_le16(link_policy);
584 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
585 sizeof(link_policy), &link_policy);
586 }
587
588 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
589 {
590 struct hci_rp_read_local_commands *rp = (void *) skb->data;
591
592 BT_DBG("%s status 0x%x", hdev->name, rp->status);
593
594 if (rp->status)
595 goto done;
596
597 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
598
599 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
600 hci_setup_link_policy(hdev);
601
602 done:
603 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
604 }
605
606 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
607 {
608 struct hci_rp_read_local_features *rp = (void *) skb->data;
609
610 BT_DBG("%s status 0x%x", hdev->name, rp->status);
611
612 if (rp->status)
613 return;
614
615 memcpy(hdev->features, rp->features, 8);
616
617 /* Adjust default settings according to features
618 * supported by device. */
619
620 if (hdev->features[0] & LMP_3SLOT)
621 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
622
623 if (hdev->features[0] & LMP_5SLOT)
624 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
625
626 if (hdev->features[1] & LMP_HV2) {
627 hdev->pkt_type |= (HCI_HV2);
628 hdev->esco_type |= (ESCO_HV2);
629 }
630
631 if (hdev->features[1] & LMP_HV3) {
632 hdev->pkt_type |= (HCI_HV3);
633 hdev->esco_type |= (ESCO_HV3);
634 }
635
636 if (hdev->features[3] & LMP_ESCO)
637 hdev->esco_type |= (ESCO_EV3);
638
639 if (hdev->features[4] & LMP_EV4)
640 hdev->esco_type |= (ESCO_EV4);
641
642 if (hdev->features[4] & LMP_EV5)
643 hdev->esco_type |= (ESCO_EV5);
644
645 if (hdev->features[5] & LMP_EDR_ESCO_2M)
646 hdev->esco_type |= (ESCO_2EV3);
647
648 if (hdev->features[5] & LMP_EDR_ESCO_3M)
649 hdev->esco_type |= (ESCO_3EV3);
650
651 if (hdev->features[5] & LMP_EDR_3S_ESCO)
652 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
653
654 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
655 hdev->features[0], hdev->features[1],
656 hdev->features[2], hdev->features[3],
657 hdev->features[4], hdev->features[5],
658 hdev->features[6], hdev->features[7]);
659 }
660
661 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
662 {
663 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
664
665 BT_DBG("%s status 0x%x", hdev->name, rp->status);
666
667 if (rp->status)
668 return;
669
670 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
671 hdev->sco_mtu = rp->sco_mtu;
672 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
673 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
674
675 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
676 hdev->sco_mtu = 64;
677 hdev->sco_pkts = 8;
678 }
679
680 hdev->acl_cnt = hdev->acl_pkts;
681 hdev->sco_cnt = hdev->sco_pkts;
682
683 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
684 hdev->acl_mtu, hdev->acl_pkts,
685 hdev->sco_mtu, hdev->sco_pkts);
686 }
687
688 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
689 {
690 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
691
692 BT_DBG("%s status 0x%x", hdev->name, rp->status);
693
694 if (!rp->status)
695 bacpy(&hdev->bdaddr, &rp->bdaddr);
696
697 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
698 }
699
700 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
701 {
702 __u8 status = *((__u8 *) skb->data);
703
704 BT_DBG("%s status 0x%x", hdev->name, status);
705
706 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
707 }
708
709 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
710 struct sk_buff *skb)
711 {
712 __u8 status = *((__u8 *) skb->data);
713
714 BT_DBG("%s status 0x%x", hdev->name, status);
715
716 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
717 }
718
719 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
720 {
721 __u8 status = *((__u8 *) skb->data);
722
723 BT_DBG("%s status 0x%x", hdev->name, status);
724
725 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
726 }
727
728 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
729 struct sk_buff *skb)
730 {
731 __u8 status = *((__u8 *) skb->data);
732
733 BT_DBG("%s status 0x%x", hdev->name, status);
734
735 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
736 }
737
738 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
739 struct sk_buff *skb)
740 {
741 __u8 status = *((__u8 *) skb->data);
742
743 BT_DBG("%s status 0x%x", hdev->name, status);
744
745 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
746 }
747
748 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
749 {
750 __u8 status = *((__u8 *) skb->data);
751
752 BT_DBG("%s status 0x%x", hdev->name, status);
753
754 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
755 }
756
757 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
758 {
759 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
760 struct hci_cp_pin_code_reply *cp;
761 struct hci_conn *conn;
762
763 BT_DBG("%s status 0x%x", hdev->name, rp->status);
764
765 if (test_bit(HCI_MGMT, &hdev->flags))
766 mgmt_pin_code_reply_complete(hdev->id, &rp->bdaddr, rp->status);
767
768 if (rp->status != 0)
769 return;
770
771 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
772 if (!cp)
773 return;
774
775 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
776 if (conn)
777 conn->pin_length = cp->pin_len;
778 }
779
780 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
781 {
782 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
783
784 BT_DBG("%s status 0x%x", hdev->name, rp->status);
785
786 if (test_bit(HCI_MGMT, &hdev->flags))
787 mgmt_pin_code_neg_reply_complete(hdev->id, &rp->bdaddr,
788 rp->status);
789 }
790 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
791 struct sk_buff *skb)
792 {
793 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
794
795 BT_DBG("%s status 0x%x", hdev->name, rp->status);
796
797 if (rp->status)
798 return;
799
800 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
801 hdev->le_pkts = rp->le_max_pkt;
802
803 hdev->le_cnt = hdev->le_pkts;
804
805 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
806
807 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
808 }
809
810 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
811 {
812 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
813
814 BT_DBG("%s status 0x%x", hdev->name, rp->status);
815
816 if (test_bit(HCI_MGMT, &hdev->flags))
817 mgmt_user_confirm_reply_complete(hdev->id, &rp->bdaddr,
818 rp->status);
819 }
820
821 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
822 struct sk_buff *skb)
823 {
824 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
825
826 BT_DBG("%s status 0x%x", hdev->name, rp->status);
827
828 if (test_bit(HCI_MGMT, &hdev->flags))
829 mgmt_user_confirm_neg_reply_complete(hdev->id, &rp->bdaddr,
830 rp->status);
831 }
832
833 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
834 struct sk_buff *skb)
835 {
836 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
837
838 BT_DBG("%s status 0x%x", hdev->name, rp->status);
839
840 mgmt_read_local_oob_data_reply_complete(hdev->id, rp->hash,
841 rp->randomizer, rp->status);
842 }
843
844 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
845 {
846 BT_DBG("%s status 0x%x", hdev->name, status);
847
848 if (status) {
849 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
850 hci_conn_check_pending(hdev);
851 return;
852 }
853
854 if (test_bit(HCI_MGMT, &hdev->flags) &&
855 !test_and_set_bit(HCI_INQUIRY,
856 &hdev->flags))
857 mgmt_discovering(hdev->id, 1);
858 }
859
860 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
861 {
862 struct hci_cp_create_conn *cp;
863 struct hci_conn *conn;
864
865 BT_DBG("%s status 0x%x", hdev->name, status);
866
867 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
868 if (!cp)
869 return;
870
871 hci_dev_lock(hdev);
872
873 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
874
875 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
876
877 if (status) {
878 if (conn && conn->state == BT_CONNECT) {
879 if (status != 0x0c || conn->attempt > 2) {
880 conn->state = BT_CLOSED;
881 hci_proto_connect_cfm(conn, status);
882 hci_conn_del(conn);
883 } else
884 conn->state = BT_CONNECT2;
885 }
886 } else {
887 if (!conn) {
888 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
889 if (conn) {
890 conn->out = 1;
891 conn->link_mode |= HCI_LM_MASTER;
892 } else
893 BT_ERR("No memory for new connection");
894 }
895 }
896
897 hci_dev_unlock(hdev);
898 }
899
900 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
901 {
902 struct hci_cp_add_sco *cp;
903 struct hci_conn *acl, *sco;
904 __u16 handle;
905
906 BT_DBG("%s status 0x%x", hdev->name, status);
907
908 if (!status)
909 return;
910
911 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
912 if (!cp)
913 return;
914
915 handle = __le16_to_cpu(cp->handle);
916
917 BT_DBG("%s handle %d", hdev->name, handle);
918
919 hci_dev_lock(hdev);
920
921 acl = hci_conn_hash_lookup_handle(hdev, handle);
922 if (acl) {
923 sco = acl->link;
924 if (sco) {
925 sco->state = BT_CLOSED;
926
927 hci_proto_connect_cfm(sco, status);
928 hci_conn_del(sco);
929 }
930 }
931
932 hci_dev_unlock(hdev);
933 }
934
935 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
936 {
937 struct hci_cp_auth_requested *cp;
938 struct hci_conn *conn;
939
940 BT_DBG("%s status 0x%x", hdev->name, status);
941
942 if (!status)
943 return;
944
945 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
946 if (!cp)
947 return;
948
949 hci_dev_lock(hdev);
950
951 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
952 if (conn) {
953 if (conn->state == BT_CONFIG) {
954 hci_proto_connect_cfm(conn, status);
955 hci_conn_put(conn);
956 }
957 }
958
959 hci_dev_unlock(hdev);
960 }
961
962 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
963 {
964 struct hci_cp_set_conn_encrypt *cp;
965 struct hci_conn *conn;
966
967 BT_DBG("%s status 0x%x", hdev->name, status);
968
969 if (!status)
970 return;
971
972 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
973 if (!cp)
974 return;
975
976 hci_dev_lock(hdev);
977
978 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
979 if (conn) {
980 if (conn->state == BT_CONFIG) {
981 hci_proto_connect_cfm(conn, status);
982 hci_conn_put(conn);
983 }
984 }
985
986 hci_dev_unlock(hdev);
987 }
988
989 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
990 struct hci_conn *conn)
991 {
992 if (conn->state != BT_CONFIG || !conn->out)
993 return 0;
994
995 if (conn->pending_sec_level == BT_SECURITY_SDP)
996 return 0;
997
998 /* Only request authentication for SSP connections or non-SSP
999 * devices with sec_level HIGH */
1000 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
1001 conn->pending_sec_level != BT_SECURITY_HIGH)
1002 return 0;
1003
1004 return 1;
1005 }
1006
1007 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1008 {
1009 struct hci_cp_remote_name_req *cp;
1010 struct hci_conn *conn;
1011
1012 BT_DBG("%s status 0x%x", hdev->name, status);
1013
1014 /* If successful wait for the name req complete event before
1015 * checking for the need to do authentication */
1016 if (!status)
1017 return;
1018
1019 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1020 if (!cp)
1021 return;
1022
1023 hci_dev_lock(hdev);
1024
1025 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1026 if (!conn)
1027 goto unlock;
1028
1029 if (!hci_outgoing_auth_needed(hdev, conn))
1030 goto unlock;
1031
1032 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1033 struct hci_cp_auth_requested cp;
1034 cp.handle = __cpu_to_le16(conn->handle);
1035 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1036 }
1037
1038 unlock:
1039 hci_dev_unlock(hdev);
1040 }
1041
1042 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1043 {
1044 struct hci_cp_read_remote_features *cp;
1045 struct hci_conn *conn;
1046
1047 BT_DBG("%s status 0x%x", hdev->name, status);
1048
1049 if (!status)
1050 return;
1051
1052 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1053 if (!cp)
1054 return;
1055
1056 hci_dev_lock(hdev);
1057
1058 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1059 if (conn) {
1060 if (conn->state == BT_CONFIG) {
1061 hci_proto_connect_cfm(conn, status);
1062 hci_conn_put(conn);
1063 }
1064 }
1065
1066 hci_dev_unlock(hdev);
1067 }
1068
1069 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1070 {
1071 struct hci_cp_read_remote_ext_features *cp;
1072 struct hci_conn *conn;
1073
1074 BT_DBG("%s status 0x%x", hdev->name, status);
1075
1076 if (!status)
1077 return;
1078
1079 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1080 if (!cp)
1081 return;
1082
1083 hci_dev_lock(hdev);
1084
1085 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1086 if (conn) {
1087 if (conn->state == BT_CONFIG) {
1088 hci_proto_connect_cfm(conn, status);
1089 hci_conn_put(conn);
1090 }
1091 }
1092
1093 hci_dev_unlock(hdev);
1094 }
1095
1096 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1097 {
1098 struct hci_cp_setup_sync_conn *cp;
1099 struct hci_conn *acl, *sco;
1100 __u16 handle;
1101
1102 BT_DBG("%s status 0x%x", hdev->name, status);
1103
1104 if (!status)
1105 return;
1106
1107 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1108 if (!cp)
1109 return;
1110
1111 handle = __le16_to_cpu(cp->handle);
1112
1113 BT_DBG("%s handle %d", hdev->name, handle);
1114
1115 hci_dev_lock(hdev);
1116
1117 acl = hci_conn_hash_lookup_handle(hdev, handle);
1118 if (acl) {
1119 sco = acl->link;
1120 if (sco) {
1121 sco->state = BT_CLOSED;
1122
1123 hci_proto_connect_cfm(sco, status);
1124 hci_conn_del(sco);
1125 }
1126 }
1127
1128 hci_dev_unlock(hdev);
1129 }
1130
1131 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1132 {
1133 struct hci_cp_sniff_mode *cp;
1134 struct hci_conn *conn;
1135
1136 BT_DBG("%s status 0x%x", hdev->name, status);
1137
1138 if (!status)
1139 return;
1140
1141 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1142 if (!cp)
1143 return;
1144
1145 hci_dev_lock(hdev);
1146
1147 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1148 if (conn) {
1149 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1150
1151 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1152 hci_sco_setup(conn, status);
1153 }
1154
1155 hci_dev_unlock(hdev);
1156 }
1157
1158 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1159 {
1160 struct hci_cp_exit_sniff_mode *cp;
1161 struct hci_conn *conn;
1162
1163 BT_DBG("%s status 0x%x", hdev->name, status);
1164
1165 if (!status)
1166 return;
1167
1168 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1169 if (!cp)
1170 return;
1171
1172 hci_dev_lock(hdev);
1173
1174 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1175 if (conn) {
1176 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1177
1178 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1179 hci_sco_setup(conn, status);
1180 }
1181
1182 hci_dev_unlock(hdev);
1183 }
1184
1185 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1186 {
1187 struct hci_cp_le_create_conn *cp;
1188 struct hci_conn *conn;
1189
1190 BT_DBG("%s status 0x%x", hdev->name, status);
1191
1192 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1193 if (!cp)
1194 return;
1195
1196 hci_dev_lock(hdev);
1197
1198 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1199
1200 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1201 conn);
1202
1203 if (status) {
1204 if (conn && conn->state == BT_CONNECT) {
1205 conn->state = BT_CLOSED;
1206 hci_proto_connect_cfm(conn, status);
1207 hci_conn_del(conn);
1208 }
1209 } else {
1210 if (!conn) {
1211 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1212 if (conn)
1213 conn->out = 1;
1214 else
1215 BT_ERR("No memory for new connection");
1216 }
1217 }
1218
1219 hci_dev_unlock(hdev);
1220 }
1221
1222 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1223 {
1224 __u8 status = *((__u8 *) skb->data);
1225
1226 BT_DBG("%s status %d", hdev->name, status);
1227
1228 if (test_bit(HCI_MGMT, &hdev->flags) &&
1229 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1230 mgmt_discovering(hdev->id, 0);
1231
1232 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1233
1234 hci_conn_check_pending(hdev);
1235 }
1236
1237 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1238 {
1239 struct inquiry_data data;
1240 struct inquiry_info *info = (void *) (skb->data + 1);
1241 int num_rsp = *((__u8 *) skb->data);
1242
1243 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1244
1245 if (!num_rsp)
1246 return;
1247
1248 hci_dev_lock(hdev);
1249
1250 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
1251
1252 if (test_bit(HCI_MGMT, &hdev->flags))
1253 mgmt_discovering(hdev->id, 1);
1254 }
1255
1256 for (; num_rsp; num_rsp--, info++) {
1257 bacpy(&data.bdaddr, &info->bdaddr);
1258 data.pscan_rep_mode = info->pscan_rep_mode;
1259 data.pscan_period_mode = info->pscan_period_mode;
1260 data.pscan_mode = info->pscan_mode;
1261 memcpy(data.dev_class, info->dev_class, 3);
1262 data.clock_offset = info->clock_offset;
1263 data.rssi = 0x00;
1264 data.ssp_mode = 0x00;
1265 hci_inquiry_cache_update(hdev, &data);
1266 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class, 0,
1267 NULL);
1268 }
1269
1270 hci_dev_unlock(hdev);
1271 }
1272
1273 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1274 {
1275 struct hci_ev_conn_complete *ev = (void *) skb->data;
1276 struct hci_conn *conn;
1277
1278 BT_DBG("%s", hdev->name);
1279
1280 hci_dev_lock(hdev);
1281
1282 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1283 if (!conn) {
1284 if (ev->link_type != SCO_LINK)
1285 goto unlock;
1286
1287 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1288 if (!conn)
1289 goto unlock;
1290
1291 conn->type = SCO_LINK;
1292 }
1293
1294 if (!ev->status) {
1295 conn->handle = __le16_to_cpu(ev->handle);
1296
1297 if (conn->type == ACL_LINK) {
1298 conn->state = BT_CONFIG;
1299 hci_conn_hold(conn);
1300 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1301 mgmt_connected(hdev->id, &ev->bdaddr);
1302 } else
1303 conn->state = BT_CONNECTED;
1304
1305 hci_conn_hold_device(conn);
1306 hci_conn_add_sysfs(conn);
1307
1308 if (test_bit(HCI_AUTH, &hdev->flags))
1309 conn->link_mode |= HCI_LM_AUTH;
1310
1311 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1312 conn->link_mode |= HCI_LM_ENCRYPT;
1313
1314 /* Get remote features */
1315 if (conn->type == ACL_LINK) {
1316 struct hci_cp_read_remote_features cp;
1317 cp.handle = ev->handle;
1318 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1319 sizeof(cp), &cp);
1320 }
1321
1322 /* Set packet type for incoming connection */
1323 if (!conn->out && hdev->hci_ver < 3) {
1324 struct hci_cp_change_conn_ptype cp;
1325 cp.handle = ev->handle;
1326 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1327 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1328 sizeof(cp), &cp);
1329 }
1330 } else {
1331 conn->state = BT_CLOSED;
1332 if (conn->type == ACL_LINK)
1333 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
1334 }
1335
1336 if (conn->type == ACL_LINK)
1337 hci_sco_setup(conn, ev->status);
1338
1339 if (ev->status) {
1340 hci_proto_connect_cfm(conn, ev->status);
1341 hci_conn_del(conn);
1342 } else if (ev->link_type != ACL_LINK)
1343 hci_proto_connect_cfm(conn, ev->status);
1344
1345 unlock:
1346 hci_dev_unlock(hdev);
1347
1348 hci_conn_check_pending(hdev);
1349 }
1350
1351 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1352 {
1353 struct hci_ev_conn_request *ev = (void *) skb->data;
1354 int mask = hdev->link_mode;
1355
1356 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1357 batostr(&ev->bdaddr), ev->link_type);
1358
1359 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1360
1361 if ((mask & HCI_LM_ACCEPT) &&
1362 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1363 /* Connection accepted */
1364 struct inquiry_entry *ie;
1365 struct hci_conn *conn;
1366
1367 hci_dev_lock(hdev);
1368
1369 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1370 if (ie)
1371 memcpy(ie->data.dev_class, ev->dev_class, 3);
1372
1373 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1374 if (!conn) {
1375 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1376 if (!conn) {
1377 BT_ERR("No memory for new connection");
1378 hci_dev_unlock(hdev);
1379 return;
1380 }
1381 }
1382
1383 memcpy(conn->dev_class, ev->dev_class, 3);
1384 conn->state = BT_CONNECT;
1385
1386 hci_dev_unlock(hdev);
1387
1388 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1389 struct hci_cp_accept_conn_req cp;
1390
1391 bacpy(&cp.bdaddr, &ev->bdaddr);
1392
1393 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1394 cp.role = 0x00; /* Become master */
1395 else
1396 cp.role = 0x01; /* Remain slave */
1397
1398 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1399 sizeof(cp), &cp);
1400 } else {
1401 struct hci_cp_accept_sync_conn_req cp;
1402
1403 bacpy(&cp.bdaddr, &ev->bdaddr);
1404 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1405
1406 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1407 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1408 cp.max_latency = cpu_to_le16(0xffff);
1409 cp.content_format = cpu_to_le16(hdev->voice_setting);
1410 cp.retrans_effort = 0xff;
1411
1412 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1413 sizeof(cp), &cp);
1414 }
1415 } else {
1416 /* Connection rejected */
1417 struct hci_cp_reject_conn_req cp;
1418
1419 bacpy(&cp.bdaddr, &ev->bdaddr);
1420 cp.reason = 0x0f;
1421 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1422 }
1423 }
1424
1425 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1426 {
1427 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1428 struct hci_conn *conn;
1429
1430 BT_DBG("%s status %d", hdev->name, ev->status);
1431
1432 if (ev->status) {
1433 mgmt_disconnect_failed(hdev->id);
1434 return;
1435 }
1436
1437 hci_dev_lock(hdev);
1438
1439 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1440 if (!conn)
1441 goto unlock;
1442
1443 conn->state = BT_CLOSED;
1444
1445 if (conn->type == ACL_LINK || conn->type == LE_LINK)
1446 mgmt_disconnected(hdev->id, &conn->dst);
1447
1448 hci_proto_disconn_cfm(conn, ev->reason);
1449 hci_conn_del(conn);
1450
1451 unlock:
1452 hci_dev_unlock(hdev);
1453 }
1454
1455 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1456 {
1457 struct hci_ev_auth_complete *ev = (void *) skb->data;
1458 struct hci_conn *conn;
1459
1460 BT_DBG("%s status %d", hdev->name, ev->status);
1461
1462 hci_dev_lock(hdev);
1463
1464 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1465 if (conn) {
1466 if (!ev->status) {
1467 conn->link_mode |= HCI_LM_AUTH;
1468 conn->sec_level = conn->pending_sec_level;
1469 } else {
1470 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
1471 }
1472
1473 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1474
1475 if (conn->state == BT_CONFIG) {
1476 if (!ev->status && hdev->ssp_mode > 0 &&
1477 conn->ssp_mode > 0) {
1478 struct hci_cp_set_conn_encrypt cp;
1479 cp.handle = ev->handle;
1480 cp.encrypt = 0x01;
1481 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
1482 sizeof(cp), &cp);
1483 } else {
1484 conn->state = BT_CONNECTED;
1485 hci_proto_connect_cfm(conn, ev->status);
1486 hci_conn_put(conn);
1487 }
1488 } else {
1489 hci_auth_cfm(conn, ev->status);
1490
1491 hci_conn_hold(conn);
1492 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1493 hci_conn_put(conn);
1494 }
1495
1496 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1497 if (!ev->status) {
1498 struct hci_cp_set_conn_encrypt cp;
1499 cp.handle = ev->handle;
1500 cp.encrypt = 0x01;
1501 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
1502 sizeof(cp), &cp);
1503 } else {
1504 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1505 hci_encrypt_cfm(conn, ev->status, 0x00);
1506 }
1507 }
1508 }
1509
1510 hci_dev_unlock(hdev);
1511 }
1512
1513 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1514 {
1515 struct hci_ev_remote_name *ev = (void *) skb->data;
1516 struct hci_conn *conn;
1517
1518 BT_DBG("%s", hdev->name);
1519
1520 hci_conn_check_pending(hdev);
1521
1522 hci_dev_lock(hdev);
1523
1524 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
1525 mgmt_remote_name(hdev->id, &ev->bdaddr, ev->name);
1526
1527 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1528 if (!conn)
1529 goto unlock;
1530
1531 if (!hci_outgoing_auth_needed(hdev, conn))
1532 goto unlock;
1533
1534 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1535 struct hci_cp_auth_requested cp;
1536 cp.handle = __cpu_to_le16(conn->handle);
1537 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1538 }
1539
1540 unlock:
1541 hci_dev_unlock(hdev);
1542 }
1543
1544 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1545 {
1546 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1547 struct hci_conn *conn;
1548
1549 BT_DBG("%s status %d", hdev->name, ev->status);
1550
1551 hci_dev_lock(hdev);
1552
1553 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1554 if (conn) {
1555 if (!ev->status) {
1556 if (ev->encrypt) {
1557 /* Encryption implies authentication */
1558 conn->link_mode |= HCI_LM_AUTH;
1559 conn->link_mode |= HCI_LM_ENCRYPT;
1560 } else
1561 conn->link_mode &= ~HCI_LM_ENCRYPT;
1562 }
1563
1564 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1565
1566 if (conn->state == BT_CONFIG) {
1567 if (!ev->status)
1568 conn->state = BT_CONNECTED;
1569
1570 hci_proto_connect_cfm(conn, ev->status);
1571 hci_conn_put(conn);
1572 } else
1573 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1574 }
1575
1576 hci_dev_unlock(hdev);
1577 }
1578
1579 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1580 {
1581 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1582 struct hci_conn *conn;
1583
1584 BT_DBG("%s status %d", hdev->name, ev->status);
1585
1586 hci_dev_lock(hdev);
1587
1588 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1589 if (conn) {
1590 if (!ev->status)
1591 conn->link_mode |= HCI_LM_SECURE;
1592
1593 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1594
1595 hci_key_change_cfm(conn, ev->status);
1596 }
1597
1598 hci_dev_unlock(hdev);
1599 }
1600
1601 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1602 {
1603 struct hci_ev_remote_features *ev = (void *) skb->data;
1604 struct hci_conn *conn;
1605
1606 BT_DBG("%s status %d", hdev->name, ev->status);
1607
1608 hci_dev_lock(hdev);
1609
1610 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1611 if (!conn)
1612 goto unlock;
1613
1614 if (!ev->status)
1615 memcpy(conn->features, ev->features, 8);
1616
1617 if (conn->state != BT_CONFIG)
1618 goto unlock;
1619
1620 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1621 struct hci_cp_read_remote_ext_features cp;
1622 cp.handle = ev->handle;
1623 cp.page = 0x01;
1624 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
1625 sizeof(cp), &cp);
1626 goto unlock;
1627 }
1628
1629 if (!ev->status) {
1630 struct hci_cp_remote_name_req cp;
1631 memset(&cp, 0, sizeof(cp));
1632 bacpy(&cp.bdaddr, &conn->dst);
1633 cp.pscan_rep_mode = 0x02;
1634 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1635 }
1636
1637 if (!hci_outgoing_auth_needed(hdev, conn)) {
1638 conn->state = BT_CONNECTED;
1639 hci_proto_connect_cfm(conn, ev->status);
1640 hci_conn_put(conn);
1641 }
1642
1643 unlock:
1644 hci_dev_unlock(hdev);
1645 }
1646
1647 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1648 {
1649 BT_DBG("%s", hdev->name);
1650 }
1651
1652 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1653 {
1654 BT_DBG("%s", hdev->name);
1655 }
1656
1657 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1658 {
1659 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1660 __u16 opcode;
1661
1662 skb_pull(skb, sizeof(*ev));
1663
1664 opcode = __le16_to_cpu(ev->opcode);
1665
1666 switch (opcode) {
1667 case HCI_OP_INQUIRY_CANCEL:
1668 hci_cc_inquiry_cancel(hdev, skb);
1669 break;
1670
1671 case HCI_OP_EXIT_PERIODIC_INQ:
1672 hci_cc_exit_periodic_inq(hdev, skb);
1673 break;
1674
1675 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1676 hci_cc_remote_name_req_cancel(hdev, skb);
1677 break;
1678
1679 case HCI_OP_ROLE_DISCOVERY:
1680 hci_cc_role_discovery(hdev, skb);
1681 break;
1682
1683 case HCI_OP_READ_LINK_POLICY:
1684 hci_cc_read_link_policy(hdev, skb);
1685 break;
1686
1687 case HCI_OP_WRITE_LINK_POLICY:
1688 hci_cc_write_link_policy(hdev, skb);
1689 break;
1690
1691 case HCI_OP_READ_DEF_LINK_POLICY:
1692 hci_cc_read_def_link_policy(hdev, skb);
1693 break;
1694
1695 case HCI_OP_WRITE_DEF_LINK_POLICY:
1696 hci_cc_write_def_link_policy(hdev, skb);
1697 break;
1698
1699 case HCI_OP_RESET:
1700 hci_cc_reset(hdev, skb);
1701 break;
1702
1703 case HCI_OP_WRITE_LOCAL_NAME:
1704 hci_cc_write_local_name(hdev, skb);
1705 break;
1706
1707 case HCI_OP_READ_LOCAL_NAME:
1708 hci_cc_read_local_name(hdev, skb);
1709 break;
1710
1711 case HCI_OP_WRITE_AUTH_ENABLE:
1712 hci_cc_write_auth_enable(hdev, skb);
1713 break;
1714
1715 case HCI_OP_WRITE_ENCRYPT_MODE:
1716 hci_cc_write_encrypt_mode(hdev, skb);
1717 break;
1718
1719 case HCI_OP_WRITE_SCAN_ENABLE:
1720 hci_cc_write_scan_enable(hdev, skb);
1721 break;
1722
1723 case HCI_OP_READ_CLASS_OF_DEV:
1724 hci_cc_read_class_of_dev(hdev, skb);
1725 break;
1726
1727 case HCI_OP_WRITE_CLASS_OF_DEV:
1728 hci_cc_write_class_of_dev(hdev, skb);
1729 break;
1730
1731 case HCI_OP_READ_VOICE_SETTING:
1732 hci_cc_read_voice_setting(hdev, skb);
1733 break;
1734
1735 case HCI_OP_WRITE_VOICE_SETTING:
1736 hci_cc_write_voice_setting(hdev, skb);
1737 break;
1738
1739 case HCI_OP_HOST_BUFFER_SIZE:
1740 hci_cc_host_buffer_size(hdev, skb);
1741 break;
1742
1743 case HCI_OP_READ_SSP_MODE:
1744 hci_cc_read_ssp_mode(hdev, skb);
1745 break;
1746
1747 case HCI_OP_WRITE_SSP_MODE:
1748 hci_cc_write_ssp_mode(hdev, skb);
1749 break;
1750
1751 case HCI_OP_READ_LOCAL_VERSION:
1752 hci_cc_read_local_version(hdev, skb);
1753 break;
1754
1755 case HCI_OP_READ_LOCAL_COMMANDS:
1756 hci_cc_read_local_commands(hdev, skb);
1757 break;
1758
1759 case HCI_OP_READ_LOCAL_FEATURES:
1760 hci_cc_read_local_features(hdev, skb);
1761 break;
1762
1763 case HCI_OP_READ_BUFFER_SIZE:
1764 hci_cc_read_buffer_size(hdev, skb);
1765 break;
1766
1767 case HCI_OP_READ_BD_ADDR:
1768 hci_cc_read_bd_addr(hdev, skb);
1769 break;
1770
1771 case HCI_OP_WRITE_CA_TIMEOUT:
1772 hci_cc_write_ca_timeout(hdev, skb);
1773 break;
1774
1775 case HCI_OP_DELETE_STORED_LINK_KEY:
1776 hci_cc_delete_stored_link_key(hdev, skb);
1777 break;
1778
1779 case HCI_OP_SET_EVENT_MASK:
1780 hci_cc_set_event_mask(hdev, skb);
1781 break;
1782
1783 case HCI_OP_WRITE_INQUIRY_MODE:
1784 hci_cc_write_inquiry_mode(hdev, skb);
1785 break;
1786
1787 case HCI_OP_READ_INQ_RSP_TX_POWER:
1788 hci_cc_read_inq_rsp_tx_power(hdev, skb);
1789 break;
1790
1791 case HCI_OP_SET_EVENT_FLT:
1792 hci_cc_set_event_flt(hdev, skb);
1793 break;
1794
1795 case HCI_OP_PIN_CODE_REPLY:
1796 hci_cc_pin_code_reply(hdev, skb);
1797 break;
1798
1799 case HCI_OP_PIN_CODE_NEG_REPLY:
1800 hci_cc_pin_code_neg_reply(hdev, skb);
1801 break;
1802
1803 case HCI_OP_READ_LOCAL_OOB_DATA:
1804 hci_cc_read_local_oob_data_reply(hdev, skb);
1805 break;
1806
1807 case HCI_OP_LE_READ_BUFFER_SIZE:
1808 hci_cc_le_read_buffer_size(hdev, skb);
1809 break;
1810
1811 case HCI_OP_USER_CONFIRM_REPLY:
1812 hci_cc_user_confirm_reply(hdev, skb);
1813 break;
1814
1815 case HCI_OP_USER_CONFIRM_NEG_REPLY:
1816 hci_cc_user_confirm_neg_reply(hdev, skb);
1817 break;
1818
1819 default:
1820 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1821 break;
1822 }
1823
1824 if (ev->opcode != HCI_OP_NOP)
1825 del_timer(&hdev->cmd_timer);
1826
1827 if (ev->ncmd) {
1828 atomic_set(&hdev->cmd_cnt, 1);
1829 if (!skb_queue_empty(&hdev->cmd_q))
1830 tasklet_schedule(&hdev->cmd_task);
1831 }
1832 }
1833
1834 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
1835 {
1836 struct hci_ev_cmd_status *ev = (void *) skb->data;
1837 __u16 opcode;
1838
1839 skb_pull(skb, sizeof(*ev));
1840
1841 opcode = __le16_to_cpu(ev->opcode);
1842
1843 switch (opcode) {
1844 case HCI_OP_INQUIRY:
1845 hci_cs_inquiry(hdev, ev->status);
1846 break;
1847
1848 case HCI_OP_CREATE_CONN:
1849 hci_cs_create_conn(hdev, ev->status);
1850 break;
1851
1852 case HCI_OP_ADD_SCO:
1853 hci_cs_add_sco(hdev, ev->status);
1854 break;
1855
1856 case HCI_OP_AUTH_REQUESTED:
1857 hci_cs_auth_requested(hdev, ev->status);
1858 break;
1859
1860 case HCI_OP_SET_CONN_ENCRYPT:
1861 hci_cs_set_conn_encrypt(hdev, ev->status);
1862 break;
1863
1864 case HCI_OP_REMOTE_NAME_REQ:
1865 hci_cs_remote_name_req(hdev, ev->status);
1866 break;
1867
1868 case HCI_OP_READ_REMOTE_FEATURES:
1869 hci_cs_read_remote_features(hdev, ev->status);
1870 break;
1871
1872 case HCI_OP_READ_REMOTE_EXT_FEATURES:
1873 hci_cs_read_remote_ext_features(hdev, ev->status);
1874 break;
1875
1876 case HCI_OP_SETUP_SYNC_CONN:
1877 hci_cs_setup_sync_conn(hdev, ev->status);
1878 break;
1879
1880 case HCI_OP_SNIFF_MODE:
1881 hci_cs_sniff_mode(hdev, ev->status);
1882 break;
1883
1884 case HCI_OP_EXIT_SNIFF_MODE:
1885 hci_cs_exit_sniff_mode(hdev, ev->status);
1886 break;
1887
1888 case HCI_OP_DISCONNECT:
1889 if (ev->status != 0)
1890 mgmt_disconnect_failed(hdev->id);
1891 break;
1892
1893 case HCI_OP_LE_CREATE_CONN:
1894 hci_cs_le_create_conn(hdev, ev->status);
1895 break;
1896
1897 default:
1898 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1899 break;
1900 }
1901
1902 if (ev->opcode != HCI_OP_NOP)
1903 del_timer(&hdev->cmd_timer);
1904
1905 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
1906 atomic_set(&hdev->cmd_cnt, 1);
1907 if (!skb_queue_empty(&hdev->cmd_q))
1908 tasklet_schedule(&hdev->cmd_task);
1909 }
1910 }
1911
1912 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1913 {
1914 struct hci_ev_role_change *ev = (void *) skb->data;
1915 struct hci_conn *conn;
1916
1917 BT_DBG("%s status %d", hdev->name, ev->status);
1918
1919 hci_dev_lock(hdev);
1920
1921 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1922 if (conn) {
1923 if (!ev->status) {
1924 if (ev->role)
1925 conn->link_mode &= ~HCI_LM_MASTER;
1926 else
1927 conn->link_mode |= HCI_LM_MASTER;
1928 }
1929
1930 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
1931
1932 hci_role_switch_cfm(conn, ev->status, ev->role);
1933 }
1934
1935 hci_dev_unlock(hdev);
1936 }
1937
1938 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
1939 {
1940 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
1941 __le16 *ptr;
1942 int i;
1943
1944 skb_pull(skb, sizeof(*ev));
1945
1946 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
1947
1948 if (skb->len < ev->num_hndl * 4) {
1949 BT_DBG("%s bad parameters", hdev->name);
1950 return;
1951 }
1952
1953 tasklet_disable(&hdev->tx_task);
1954
1955 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
1956 struct hci_conn *conn;
1957 __u16 handle, count;
1958
1959 handle = get_unaligned_le16(ptr++);
1960 count = get_unaligned_le16(ptr++);
1961
1962 conn = hci_conn_hash_lookup_handle(hdev, handle);
1963 if (conn) {
1964 conn->sent -= count;
1965
1966 if (conn->type == ACL_LINK) {
1967 hdev->acl_cnt += count;
1968 if (hdev->acl_cnt > hdev->acl_pkts)
1969 hdev->acl_cnt = hdev->acl_pkts;
1970 } else if (conn->type == LE_LINK) {
1971 if (hdev->le_pkts) {
1972 hdev->le_cnt += count;
1973 if (hdev->le_cnt > hdev->le_pkts)
1974 hdev->le_cnt = hdev->le_pkts;
1975 } else {
1976 hdev->acl_cnt += count;
1977 if (hdev->acl_cnt > hdev->acl_pkts)
1978 hdev->acl_cnt = hdev->acl_pkts;
1979 }
1980 } else {
1981 hdev->sco_cnt += count;
1982 if (hdev->sco_cnt > hdev->sco_pkts)
1983 hdev->sco_cnt = hdev->sco_pkts;
1984 }
1985 }
1986 }
1987
1988 tasklet_schedule(&hdev->tx_task);
1989
1990 tasklet_enable(&hdev->tx_task);
1991 }
1992
1993 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1994 {
1995 struct hci_ev_mode_change *ev = (void *) skb->data;
1996 struct hci_conn *conn;
1997
1998 BT_DBG("%s status %d", hdev->name, ev->status);
1999
2000 hci_dev_lock(hdev);
2001
2002 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2003 if (conn) {
2004 conn->mode = ev->mode;
2005 conn->interval = __le16_to_cpu(ev->interval);
2006
2007 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2008 if (conn->mode == HCI_CM_ACTIVE)
2009 conn->power_save = 1;
2010 else
2011 conn->power_save = 0;
2012 }
2013
2014 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2015 hci_sco_setup(conn, ev->status);
2016 }
2017
2018 hci_dev_unlock(hdev);
2019 }
2020
2021 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2022 {
2023 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2024 struct hci_conn *conn;
2025
2026 BT_DBG("%s", hdev->name);
2027
2028 hci_dev_lock(hdev);
2029
2030 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2031 if (conn && conn->state == BT_CONNECTED) {
2032 hci_conn_hold(conn);
2033 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2034 hci_conn_put(conn);
2035 }
2036
2037 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2038 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2039 sizeof(ev->bdaddr), &ev->bdaddr);
2040 else if (test_bit(HCI_MGMT, &hdev->flags)) {
2041 u8 secure;
2042
2043 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2044 secure = 1;
2045 else
2046 secure = 0;
2047
2048 mgmt_pin_code_request(hdev->id, &ev->bdaddr, secure);
2049 }
2050
2051 hci_dev_unlock(hdev);
2052 }
2053
2054 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2055 {
2056 struct hci_ev_link_key_req *ev = (void *) skb->data;
2057 struct hci_cp_link_key_reply cp;
2058 struct hci_conn *conn;
2059 struct link_key *key;
2060
2061 BT_DBG("%s", hdev->name);
2062
2063 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2064 return;
2065
2066 hci_dev_lock(hdev);
2067
2068 key = hci_find_link_key(hdev, &ev->bdaddr);
2069 if (!key) {
2070 BT_DBG("%s link key not found for %s", hdev->name,
2071 batostr(&ev->bdaddr));
2072 goto not_found;
2073 }
2074
2075 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2076 batostr(&ev->bdaddr));
2077
2078 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2079 key->type == HCI_LK_DEBUG_COMBINATION) {
2080 BT_DBG("%s ignoring debug key", hdev->name);
2081 goto not_found;
2082 }
2083
2084 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2085 if (conn) {
2086 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2087 conn->auth_type != 0xff &&
2088 (conn->auth_type & 0x01)) {
2089 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2090 goto not_found;
2091 }
2092
2093 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2094 conn->pending_sec_level == BT_SECURITY_HIGH) {
2095 BT_DBG("%s ignoring key unauthenticated for high \
2096 security", hdev->name);
2097 goto not_found;
2098 }
2099
2100 conn->key_type = key->type;
2101 conn->pin_length = key->pin_len;
2102 }
2103
2104 bacpy(&cp.bdaddr, &ev->bdaddr);
2105 memcpy(cp.link_key, key->val, 16);
2106
2107 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2108
2109 hci_dev_unlock(hdev);
2110
2111 return;
2112
2113 not_found:
2114 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2115 hci_dev_unlock(hdev);
2116 }
2117
2118 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2119 {
2120 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2121 struct hci_conn *conn;
2122 u8 pin_len = 0;
2123
2124 BT_DBG("%s", hdev->name);
2125
2126 hci_dev_lock(hdev);
2127
2128 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2129 if (conn) {
2130 hci_conn_hold(conn);
2131 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2132 pin_len = conn->pin_length;
2133
2134 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2135 conn->key_type = ev->key_type;
2136
2137 hci_conn_put(conn);
2138 }
2139
2140 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
2141 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2142 ev->key_type, pin_len);
2143
2144 hci_dev_unlock(hdev);
2145 }
2146
2147 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2148 {
2149 struct hci_ev_clock_offset *ev = (void *) skb->data;
2150 struct hci_conn *conn;
2151
2152 BT_DBG("%s status %d", hdev->name, ev->status);
2153
2154 hci_dev_lock(hdev);
2155
2156 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2157 if (conn && !ev->status) {
2158 struct inquiry_entry *ie;
2159
2160 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2161 if (ie) {
2162 ie->data.clock_offset = ev->clock_offset;
2163 ie->timestamp = jiffies;
2164 }
2165 }
2166
2167 hci_dev_unlock(hdev);
2168 }
2169
2170 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2171 {
2172 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2173 struct hci_conn *conn;
2174
2175 BT_DBG("%s status %d", hdev->name, ev->status);
2176
2177 hci_dev_lock(hdev);
2178
2179 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2180 if (conn && !ev->status)
2181 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2182
2183 hci_dev_unlock(hdev);
2184 }
2185
2186 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2187 {
2188 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2189 struct inquiry_entry *ie;
2190
2191 BT_DBG("%s", hdev->name);
2192
2193 hci_dev_lock(hdev);
2194
2195 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2196 if (ie) {
2197 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2198 ie->timestamp = jiffies;
2199 }
2200
2201 hci_dev_unlock(hdev);
2202 }
2203
2204 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2205 {
2206 struct inquiry_data data;
2207 int num_rsp = *((__u8 *) skb->data);
2208
2209 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2210
2211 if (!num_rsp)
2212 return;
2213
2214 hci_dev_lock(hdev);
2215
2216 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2217
2218 if (test_bit(HCI_MGMT, &hdev->flags))
2219 mgmt_discovering(hdev->id, 1);
2220 }
2221
2222 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2223 struct inquiry_info_with_rssi_and_pscan_mode *info;
2224 info = (void *) (skb->data + 1);
2225
2226 for (; num_rsp; num_rsp--, info++) {
2227 bacpy(&data.bdaddr, &info->bdaddr);
2228 data.pscan_rep_mode = info->pscan_rep_mode;
2229 data.pscan_period_mode = info->pscan_period_mode;
2230 data.pscan_mode = info->pscan_mode;
2231 memcpy(data.dev_class, info->dev_class, 3);
2232 data.clock_offset = info->clock_offset;
2233 data.rssi = info->rssi;
2234 data.ssp_mode = 0x00;
2235 hci_inquiry_cache_update(hdev, &data);
2236 mgmt_device_found(hdev->id, &info->bdaddr,
2237 info->dev_class, info->rssi,
2238 NULL);
2239 }
2240 } else {
2241 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2242
2243 for (; num_rsp; num_rsp--, info++) {
2244 bacpy(&data.bdaddr, &info->bdaddr);
2245 data.pscan_rep_mode = info->pscan_rep_mode;
2246 data.pscan_period_mode = info->pscan_period_mode;
2247 data.pscan_mode = 0x00;
2248 memcpy(data.dev_class, info->dev_class, 3);
2249 data.clock_offset = info->clock_offset;
2250 data.rssi = info->rssi;
2251 data.ssp_mode = 0x00;
2252 hci_inquiry_cache_update(hdev, &data);
2253 mgmt_device_found(hdev->id, &info->bdaddr,
2254 info->dev_class, info->rssi,
2255 NULL);
2256 }
2257 }
2258
2259 hci_dev_unlock(hdev);
2260 }
2261
2262 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2263 {
2264 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2265 struct hci_conn *conn;
2266
2267 BT_DBG("%s", hdev->name);
2268
2269 hci_dev_lock(hdev);
2270
2271 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2272 if (!conn)
2273 goto unlock;
2274
2275 if (!ev->status && ev->page == 0x01) {
2276 struct inquiry_entry *ie;
2277
2278 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2279 if (ie)
2280 ie->data.ssp_mode = (ev->features[0] & 0x01);
2281
2282 conn->ssp_mode = (ev->features[0] & 0x01);
2283 }
2284
2285 if (conn->state != BT_CONFIG)
2286 goto unlock;
2287
2288 if (!ev->status) {
2289 struct hci_cp_remote_name_req cp;
2290 memset(&cp, 0, sizeof(cp));
2291 bacpy(&cp.bdaddr, &conn->dst);
2292 cp.pscan_rep_mode = 0x02;
2293 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2294 }
2295
2296 if (!hci_outgoing_auth_needed(hdev, conn)) {
2297 conn->state = BT_CONNECTED;
2298 hci_proto_connect_cfm(conn, ev->status);
2299 hci_conn_put(conn);
2300 }
2301
2302 unlock:
2303 hci_dev_unlock(hdev);
2304 }
2305
2306 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2307 {
2308 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2309 struct hci_conn *conn;
2310
2311 BT_DBG("%s status %d", hdev->name, ev->status);
2312
2313 hci_dev_lock(hdev);
2314
2315 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2316 if (!conn) {
2317 if (ev->link_type == ESCO_LINK)
2318 goto unlock;
2319
2320 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2321 if (!conn)
2322 goto unlock;
2323
2324 conn->type = SCO_LINK;
2325 }
2326
2327 switch (ev->status) {
2328 case 0x00:
2329 conn->handle = __le16_to_cpu(ev->handle);
2330 conn->state = BT_CONNECTED;
2331
2332 hci_conn_hold_device(conn);
2333 hci_conn_add_sysfs(conn);
2334 break;
2335
2336 case 0x11: /* Unsupported Feature or Parameter Value */
2337 case 0x1c: /* SCO interval rejected */
2338 case 0x1a: /* Unsupported Remote Feature */
2339 case 0x1f: /* Unspecified error */
2340 if (conn->out && conn->attempt < 2) {
2341 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2342 (hdev->esco_type & EDR_ESCO_MASK);
2343 hci_setup_sync(conn, conn->link->handle);
2344 goto unlock;
2345 }
2346 /* fall through */
2347
2348 default:
2349 conn->state = BT_CLOSED;
2350 break;
2351 }
2352
2353 hci_proto_connect_cfm(conn, ev->status);
2354 if (ev->status)
2355 hci_conn_del(conn);
2356
2357 unlock:
2358 hci_dev_unlock(hdev);
2359 }
2360
2361 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2362 {
2363 BT_DBG("%s", hdev->name);
2364 }
2365
2366 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2367 {
2368 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2369
2370 BT_DBG("%s status %d", hdev->name, ev->status);
2371 }
2372
2373 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2374 {
2375 struct inquiry_data data;
2376 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2377 int num_rsp = *((__u8 *) skb->data);
2378
2379 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2380
2381 if (!num_rsp)
2382 return;
2383
2384 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2385
2386 if (test_bit(HCI_MGMT, &hdev->flags))
2387 mgmt_discovering(hdev->id, 1);
2388 }
2389
2390 hci_dev_lock(hdev);
2391
2392 for (; num_rsp; num_rsp--, info++) {
2393 bacpy(&data.bdaddr, &info->bdaddr);
2394 data.pscan_rep_mode = info->pscan_rep_mode;
2395 data.pscan_period_mode = info->pscan_period_mode;
2396 data.pscan_mode = 0x00;
2397 memcpy(data.dev_class, info->dev_class, 3);
2398 data.clock_offset = info->clock_offset;
2399 data.rssi = info->rssi;
2400 data.ssp_mode = 0x01;
2401 hci_inquiry_cache_update(hdev, &data);
2402 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class,
2403 info->rssi, info->data);
2404 }
2405
2406 hci_dev_unlock(hdev);
2407 }
2408
2409 static inline u8 hci_get_auth_req(struct hci_conn *conn)
2410 {
2411 /* If remote requests dedicated bonding follow that lead */
2412 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2413 /* If both remote and local IO capabilities allow MITM
2414 * protection then require it, otherwise don't */
2415 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2416 return 0x02;
2417 else
2418 return 0x03;
2419 }
2420
2421 /* If remote requests no-bonding follow that lead */
2422 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2423 return conn->remote_auth | (conn->auth_type & 0x01);
2424
2425 return conn->auth_type;
2426 }
2427
2428 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2429 {
2430 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2431 struct hci_conn *conn;
2432
2433 BT_DBG("%s", hdev->name);
2434
2435 hci_dev_lock(hdev);
2436
2437 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2438 if (!conn)
2439 goto unlock;
2440
2441 hci_conn_hold(conn);
2442
2443 if (!test_bit(HCI_MGMT, &hdev->flags))
2444 goto unlock;
2445
2446 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2447 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
2448 struct hci_cp_io_capability_reply cp;
2449
2450 bacpy(&cp.bdaddr, &ev->bdaddr);
2451 cp.capability = conn->io_capability;
2452 conn->auth_type = hci_get_auth_req(conn);
2453 cp.authentication = conn->auth_type;
2454
2455 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2456 hci_find_remote_oob_data(hdev, &conn->dst))
2457 cp.oob_data = 0x01;
2458 else
2459 cp.oob_data = 0x00;
2460
2461 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2462 sizeof(cp), &cp);
2463 } else {
2464 struct hci_cp_io_capability_neg_reply cp;
2465
2466 bacpy(&cp.bdaddr, &ev->bdaddr);
2467 cp.reason = 0x18; /* Pairing not allowed */
2468
2469 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2470 sizeof(cp), &cp);
2471 }
2472
2473 unlock:
2474 hci_dev_unlock(hdev);
2475 }
2476
2477 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2478 {
2479 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2480 struct hci_conn *conn;
2481
2482 BT_DBG("%s", hdev->name);
2483
2484 hci_dev_lock(hdev);
2485
2486 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2487 if (!conn)
2488 goto unlock;
2489
2490 conn->remote_cap = ev->capability;
2491 conn->remote_oob = ev->oob_data;
2492 conn->remote_auth = ev->authentication;
2493
2494 unlock:
2495 hci_dev_unlock(hdev);
2496 }
2497
2498 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2499 struct sk_buff *skb)
2500 {
2501 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
2502 int loc_mitm, rem_mitm, confirm_hint = 0;
2503 struct hci_conn *conn;
2504
2505 BT_DBG("%s", hdev->name);
2506
2507 hci_dev_lock(hdev);
2508
2509 if (!test_bit(HCI_MGMT, &hdev->flags))
2510 goto unlock;
2511
2512 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2513 if (!conn)
2514 goto unlock;
2515
2516 loc_mitm = (conn->auth_type & 0x01);
2517 rem_mitm = (conn->remote_auth & 0x01);
2518
2519 /* If we require MITM but the remote device can't provide that
2520 * (it has NoInputNoOutput) then reject the confirmation
2521 * request. The only exception is when we're dedicated bonding
2522 * initiators (connect_cfm_cb set) since then we always have the MITM
2523 * bit set. */
2524 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2525 BT_DBG("Rejecting request: remote device can't provide MITM");
2526 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2527 sizeof(ev->bdaddr), &ev->bdaddr);
2528 goto unlock;
2529 }
2530
2531 /* If no side requires MITM protection; auto-accept */
2532 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2533 (!rem_mitm || conn->io_capability == 0x03)) {
2534
2535 /* If we're not the initiators request authorization to
2536 * proceed from user space (mgmt_user_confirm with
2537 * confirm_hint set to 1). */
2538 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2539 BT_DBG("Confirming auto-accept as acceptor");
2540 confirm_hint = 1;
2541 goto confirm;
2542 }
2543
2544 BT_DBG("Auto-accept of user confirmation with %ums delay",
2545 hdev->auto_accept_delay);
2546
2547 if (hdev->auto_accept_delay > 0) {
2548 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2549 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2550 goto unlock;
2551 }
2552
2553 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2554 sizeof(ev->bdaddr), &ev->bdaddr);
2555 goto unlock;
2556 }
2557
2558 confirm:
2559 mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey,
2560 confirm_hint);
2561
2562 unlock:
2563 hci_dev_unlock(hdev);
2564 }
2565
2566 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2567 {
2568 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2569 struct hci_conn *conn;
2570
2571 BT_DBG("%s", hdev->name);
2572
2573 hci_dev_lock(hdev);
2574
2575 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2576 if (!conn)
2577 goto unlock;
2578
2579 /* To avoid duplicate auth_failed events to user space we check
2580 * the HCI_CONN_AUTH_PEND flag which will be set if we
2581 * initiated the authentication. A traditional auth_complete
2582 * event gets always produced as initiator and is also mapped to
2583 * the mgmt_auth_failed event */
2584 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
2585 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
2586
2587 hci_conn_put(conn);
2588
2589 unlock:
2590 hci_dev_unlock(hdev);
2591 }
2592
2593 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2594 {
2595 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2596 struct inquiry_entry *ie;
2597
2598 BT_DBG("%s", hdev->name);
2599
2600 hci_dev_lock(hdev);
2601
2602 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2603 if (ie)
2604 ie->data.ssp_mode = (ev->features[0] & 0x01);
2605
2606 hci_dev_unlock(hdev);
2607 }
2608
2609 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2610 struct sk_buff *skb)
2611 {
2612 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2613 struct oob_data *data;
2614
2615 BT_DBG("%s", hdev->name);
2616
2617 hci_dev_lock(hdev);
2618
2619 if (!test_bit(HCI_MGMT, &hdev->flags))
2620 goto unlock;
2621
2622 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2623 if (data) {
2624 struct hci_cp_remote_oob_data_reply cp;
2625
2626 bacpy(&cp.bdaddr, &ev->bdaddr);
2627 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2628 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2629
2630 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2631 &cp);
2632 } else {
2633 struct hci_cp_remote_oob_data_neg_reply cp;
2634
2635 bacpy(&cp.bdaddr, &ev->bdaddr);
2636 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2637 &cp);
2638 }
2639
2640 unlock:
2641 hci_dev_unlock(hdev);
2642 }
2643
2644 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2645 {
2646 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2647 struct hci_conn *conn;
2648
2649 BT_DBG("%s status %d", hdev->name, ev->status);
2650
2651 hci_dev_lock(hdev);
2652
2653 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
2654 if (!conn) {
2655 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2656 if (!conn) {
2657 BT_ERR("No memory for new connection");
2658 hci_dev_unlock(hdev);
2659 return;
2660 }
2661 }
2662
2663 if (ev->status) {
2664 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
2665 hci_proto_connect_cfm(conn, ev->status);
2666 conn->state = BT_CLOSED;
2667 hci_conn_del(conn);
2668 goto unlock;
2669 }
2670
2671 mgmt_connected(hdev->id, &ev->bdaddr);
2672
2673 conn->handle = __le16_to_cpu(ev->handle);
2674 conn->state = BT_CONNECTED;
2675
2676 hci_conn_hold_device(conn);
2677 hci_conn_add_sysfs(conn);
2678
2679 hci_proto_connect_cfm(conn, ev->status);
2680
2681 unlock:
2682 hci_dev_unlock(hdev);
2683 }
2684
2685 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
2686 {
2687 struct hci_ev_le_meta *le_ev = (void *) skb->data;
2688
2689 skb_pull(skb, sizeof(*le_ev));
2690
2691 switch (le_ev->subevent) {
2692 case HCI_EV_LE_CONN_COMPLETE:
2693 hci_le_conn_complete_evt(hdev, skb);
2694 break;
2695
2696 default:
2697 break;
2698 }
2699 }
2700
2701 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
2702 {
2703 struct hci_event_hdr *hdr = (void *) skb->data;
2704 __u8 event = hdr->evt;
2705
2706 skb_pull(skb, HCI_EVENT_HDR_SIZE);
2707
2708 switch (event) {
2709 case HCI_EV_INQUIRY_COMPLETE:
2710 hci_inquiry_complete_evt(hdev, skb);
2711 break;
2712
2713 case HCI_EV_INQUIRY_RESULT:
2714 hci_inquiry_result_evt(hdev, skb);
2715 break;
2716
2717 case HCI_EV_CONN_COMPLETE:
2718 hci_conn_complete_evt(hdev, skb);
2719 break;
2720
2721 case HCI_EV_CONN_REQUEST:
2722 hci_conn_request_evt(hdev, skb);
2723 break;
2724
2725 case HCI_EV_DISCONN_COMPLETE:
2726 hci_disconn_complete_evt(hdev, skb);
2727 break;
2728
2729 case HCI_EV_AUTH_COMPLETE:
2730 hci_auth_complete_evt(hdev, skb);
2731 break;
2732
2733 case HCI_EV_REMOTE_NAME:
2734 hci_remote_name_evt(hdev, skb);
2735 break;
2736
2737 case HCI_EV_ENCRYPT_CHANGE:
2738 hci_encrypt_change_evt(hdev, skb);
2739 break;
2740
2741 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
2742 hci_change_link_key_complete_evt(hdev, skb);
2743 break;
2744
2745 case HCI_EV_REMOTE_FEATURES:
2746 hci_remote_features_evt(hdev, skb);
2747 break;
2748
2749 case HCI_EV_REMOTE_VERSION:
2750 hci_remote_version_evt(hdev, skb);
2751 break;
2752
2753 case HCI_EV_QOS_SETUP_COMPLETE:
2754 hci_qos_setup_complete_evt(hdev, skb);
2755 break;
2756
2757 case HCI_EV_CMD_COMPLETE:
2758 hci_cmd_complete_evt(hdev, skb);
2759 break;
2760
2761 case HCI_EV_CMD_STATUS:
2762 hci_cmd_status_evt(hdev, skb);
2763 break;
2764
2765 case HCI_EV_ROLE_CHANGE:
2766 hci_role_change_evt(hdev, skb);
2767 break;
2768
2769 case HCI_EV_NUM_COMP_PKTS:
2770 hci_num_comp_pkts_evt(hdev, skb);
2771 break;
2772
2773 case HCI_EV_MODE_CHANGE:
2774 hci_mode_change_evt(hdev, skb);
2775 break;
2776
2777 case HCI_EV_PIN_CODE_REQ:
2778 hci_pin_code_request_evt(hdev, skb);
2779 break;
2780
2781 case HCI_EV_LINK_KEY_REQ:
2782 hci_link_key_request_evt(hdev, skb);
2783 break;
2784
2785 case HCI_EV_LINK_KEY_NOTIFY:
2786 hci_link_key_notify_evt(hdev, skb);
2787 break;
2788
2789 case HCI_EV_CLOCK_OFFSET:
2790 hci_clock_offset_evt(hdev, skb);
2791 break;
2792
2793 case HCI_EV_PKT_TYPE_CHANGE:
2794 hci_pkt_type_change_evt(hdev, skb);
2795 break;
2796
2797 case HCI_EV_PSCAN_REP_MODE:
2798 hci_pscan_rep_mode_evt(hdev, skb);
2799 break;
2800
2801 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
2802 hci_inquiry_result_with_rssi_evt(hdev, skb);
2803 break;
2804
2805 case HCI_EV_REMOTE_EXT_FEATURES:
2806 hci_remote_ext_features_evt(hdev, skb);
2807 break;
2808
2809 case HCI_EV_SYNC_CONN_COMPLETE:
2810 hci_sync_conn_complete_evt(hdev, skb);
2811 break;
2812
2813 case HCI_EV_SYNC_CONN_CHANGED:
2814 hci_sync_conn_changed_evt(hdev, skb);
2815 break;
2816
2817 case HCI_EV_SNIFF_SUBRATE:
2818 hci_sniff_subrate_evt(hdev, skb);
2819 break;
2820
2821 case HCI_EV_EXTENDED_INQUIRY_RESULT:
2822 hci_extended_inquiry_result_evt(hdev, skb);
2823 break;
2824
2825 case HCI_EV_IO_CAPA_REQUEST:
2826 hci_io_capa_request_evt(hdev, skb);
2827 break;
2828
2829 case HCI_EV_IO_CAPA_REPLY:
2830 hci_io_capa_reply_evt(hdev, skb);
2831 break;
2832
2833 case HCI_EV_USER_CONFIRM_REQUEST:
2834 hci_user_confirm_request_evt(hdev, skb);
2835 break;
2836
2837 case HCI_EV_SIMPLE_PAIR_COMPLETE:
2838 hci_simple_pair_complete_evt(hdev, skb);
2839 break;
2840
2841 case HCI_EV_REMOTE_HOST_FEATURES:
2842 hci_remote_host_features_evt(hdev, skb);
2843 break;
2844
2845 case HCI_EV_LE_META:
2846 hci_le_meta_evt(hdev, skb);
2847 break;
2848
2849 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
2850 hci_remote_oob_data_request_evt(hdev, skb);
2851 break;
2852
2853 default:
2854 BT_DBG("%s event 0x%x", hdev->name, event);
2855 break;
2856 }
2857
2858 kfree_skb(skb);
2859 hdev->stat.evt_rx++;
2860 }
2861
2862 /* Generate internal stack event */
2863 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
2864 {
2865 struct hci_event_hdr *hdr;
2866 struct hci_ev_stack_internal *ev;
2867 struct sk_buff *skb;
2868
2869 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
2870 if (!skb)
2871 return;
2872
2873 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
2874 hdr->evt = HCI_EV_STACK_INTERNAL;
2875 hdr->plen = sizeof(*ev) + dlen;
2876
2877 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
2878 ev->type = type;
2879 memcpy(ev->data, data, dlen);
2880
2881 bt_cb(skb)->incoming = 1;
2882 __net_timestamp(skb);
2883
2884 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
2885 skb->dev = (void *) hdev;
2886 hci_send_to_sock(hdev, skb, NULL);
2887 kfree_skb(skb);
2888 }
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree